The root of a robust Internet

On 26 December 2006, a magnitude-7.0 earthquake struck off the southwest coast of Taiwan. This was the Hengchun earthquake, and the quake and its aftershocks resulted in six of the seven submarine cables serving Hong Kong being cut, severely disrupting Internet services on the Special Administrative Region.

PCCW, the largest Internet operator in Hong Kong, reported a reduction of 50% in data capacity, neighbouring Taiwan had a 100% outage to Hong Kong and South-East Asia, while China’s two main operators reported over 90% outages.

Amid the chaos, and while access to the global Internet was extremely restricted, the people of Hong Kong could still communicate with one another over the Internet within the Special Administrative Region. Why? It had root servers.

Che-Hoo Cheng, APNIC’s Development Director, helped establish a root server at Hong Kong Internet eXchange, or HKIX — one of two root servers in Hong Kong at that time — about three years before the earthquake hit the region.

“When the earthquake struck, Hong Kong essentially became disconnected from the global Internet because we lost more than 80 per cent of the external connectivity,” said Cheng. “But with the root servers we had installed in Hong Kong, we still had local DNS resolutions — albeit limited to .HK, .CN, .MO and some other domain names only — within Hong Kong. We could at least connect to the root servers within Hong Kong.

“Gradually some capacity was resumed because luckily we still had one submarine cable. But it took around a month before Internet services were fully restored.”

This major episode, said Cheng, “was a very good example of the benefit of having a root server locally as critical Internet infrastructure”.

Potential hosts should offer a high standard of infrastructure, security and Internet connectivity.

Root servers are used by almost every device on the Internet. Root servers do not participate in every name resolution query, but without their feed of root zone information into the caches of recursive servers, the DNS would grind to a halt.

Having multiple root servers improves the performance of DNS enquiries. The difference is not really noticeable to the user but from a technical viewpoint it can save several hundred milliseconds of time for DNS enquiries if a root server is installed locally and proper local peering is set up.

The primary reasons behind the use of multiple servers are not just diversity and availability but also security, resilience and stability. With the increase in the number of malicious DDoS attacks towards the Internet infrastructure, having more root servers across the globe means that when there is an attack on one root server IP address, traffic is diverted to many servers easily, minimising the potential damage and disruption to that root server. That is the beauty of the anycast technology used.